Damian Menscher wrote:
I got a virus this morning that made it past clamav-milter 0.87.1.
The attachment was double-encoded: after decoding the base64 email, it
left a uuencoded file. That file apparently bypassed being scanned
because it had a ^M at the end of the line (which violates the spec,
but don't tell M$ that!). So uudecode barfed on it with a "No `end'
line" message. But passing it through dos2unix results in a
uudecode-able file, which was then recognized as Worm.VB-8.
I'm guessing the uudecoder in clamav needs to be modified to strip any
^M from the file to allow for successful decoding? Note that I
haven't yet looked at the source, as I wanted to get the warning out
quickly.
Damian Menscher

A patch for this was posted to the clamav-team for testing earlier today.
-Nigel
--
Nigel Horne. Arranger, Adjudicator, Band Trainer, Composer, Typesetter.
NJH Music, Barnsley, UK. ICQ#20252325
[EMAIL PROTECTED] http://www.bandsman.co.uk
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
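
The failure mode reported above, reproduced as an added example (this is not ClamAV's code and not the patch mentioned in the reply): a uudecoder that requires an exact "end" line rejects a CRLF-terminated file, while one that strips the trailing ^M decodes it and hands the content to the scanner. The payload, file name and function names are constructed for illustration.

```python
import binascii

# Constructed stand-in for the attachment body (harmless bytes, not a real sample).
PAYLOAD = b"Constructed test payload standing in for the attachment body.\n" * 2

def make_sample(eol: bytes) -> bytes:
    """Build a uuencoded file whose lines end in eol (LF or CRLF)."""
    body = [binascii.b2a_uu(PAYLOAD[i:i + 45]).rstrip(b"\n")
            for i in range(0, len(PAYLOAD), 45)]
    return eol.join([b"begin 644 sample.bin", *body, b"`", b"end", b""])

def uu_line(line: bytes) -> bytes:
    """Decode one body line: a length character, then 4-character groups."""
    n = (line[0] - 32) & 0x3F
    need = (n + 2) // 3 * 4
    chars = line[1:1 + need].ljust(need, b" ")  # some encoders trim padding
    out = bytearray()
    for i in range(0, need, 4):
        a, b, c, d = ((ch - 32) & 0x3F for ch in chars[i:i + 4])
        out += bytes((a << 2 | b >> 4, (b & 0xF) << 4 | c >> 2, (c & 0x3) << 6 | d))
    return bytes(out[:n])

def uudecode(data: bytes, strip_cr: bool) -> bytes:
    """Decode a uuencoded file; strip_cr=False models the strict decoder."""
    lines = data.split(b"\n")
    if strip_cr:
        lines = [ln.rstrip(b"\r") for ln in lines]  # drop the trailing ^M
    it = iter(lines)
    for ln in it:
        if ln.startswith(b"begin "):
            break
    else:
        raise ValueError("No `begin' line")
    out = bytearray()
    for ln in it:
        if not ln or (ln[0] - 32) & 0x3F == 0:  # zero-length line ends the body
            break
        out += uu_line(ln)
    if next(it, None) != b"end":  # "end\r" does not match in strict mode
        raise ValueError("No `end' line")
    return bytes(out)

if __name__ == "__main__":
    crlf = make_sample(b"\r\n")
    print(uudecode(crlf, strip_cr=True) == PAYLOAD)
    try:
        uudecode(crlf, strip_cr=False)
    except ValueError as err:
        print("strict decoder:", err)
```

A scanner whose decoder is stricter than the software that will eventually open the attachment leaves the content unscanned, so a decode failure is better treated as a reason to retry leniently or flag the message than as a clean result.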